In order to configure SSH access to the PIX, we need to complete two separate tasks:
• Configure the PIX to accept SSH connections.
• Configure our SSH client to connect to the PIX.
1. Configuring the PIX to accept SSH connections
pixfirewall(config)# hostname TestDomain
TestDomain(config)# domain-name testdomain.com
Assigns the host name and domain name to the PIX. Both are required before an RSA key pair can be generated.
TestDomain(config)# ca generate rsa key 2048
Generates a new RSA key pair (ca zeroize rsa removes any previously generated pair first). The pair is written to flash by the ca save all step below.
TestDomain(config)# show ca mypubkey rsa
Displays the RSA public key that was just generated.
TestDomain(config)# ca save all
Once the keys are generated they must be saved to flash; if this step is skipped, the key is lost the next time the PIX reloads.
TestDomain(config)# ssh 211.99.223.50 255.255.255.255 outside
Permits this host (a single address, since the mask is 255.255.255.255) to reach the PIX over SSH through the outside interface.
TestDomain(config)# ssh timeout 60
Sets the SSH session timeout.
TestDomain(config)# password Cisco
Sets the Telnet/SSH login password (this is the password we will enter from the SSH client).
The PIX side of the configuration is now complete.
2. Configuring the SSH client to connect to the PIX
We use SecureCRT 4.1 as the example.
• Protocol: SSH1 (because Cisco devices do not support SSH2 at this time)
• Port number: 22
• Hostname: the IP address of the firewall's external (outside) interface
• Username: pix (this must be pix)
• Primary authentication: password
With these settings complete, we can connect to the PIX.
When you click Connect you are prompted for a password; enter the one set with the password command above (Cisco) to log in to the PIX.
A few days ago, while playing with a PIX, I ran into a small problem: I wanted to log in to the PIX over SSH to debug it, but could not get the SSH settings to work. After some enthusiastic help from a few friends the problem was finally solved, so I have written it up to share with everyone.
Configuring PIX SSH
We can configure local SSH (non-AAA authentication) with the following commands:
hostname goss-d3-pix515b
domain-name rtp.cisco.com
ca gen rsa key 1024
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 60
passwd cisco
wr mem
The commands above are explained as follows:
• The first line sets the host name (optional).
• The second line sets the domain name; this one is required.
• ca gen rsa key 1024 generates the RSA key. It must not be omitted if you use SSH with non-AAA authentication.
• ssh 0.0.0.0 0.0.0.0 outside defines the source address range allowed to reach the PIX over SSH through the outside interface. In real use pay attention to this range: make it just large enough for your management hosts and do not open it this wide.
• ssh timeout 60 sets the SSH timeout. Note that the unit of the timeout differs between PIX versions (minutes in some, seconds in others), so check which applies to yours.
• passwd cisco sets the password used to log in to the PIX (here cisco).
• wr mem saves the configuration.
Note that wr mem does not save the RSA key; use ca save all to save it.
This way we do not need to configure a username for each user who needs to log in to the PIX; when logging in with an SSH client the default username is pix.
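To turn the two procedures above (the step-by-step configuration and the short command list in this section) into something that can be checked, here is an added Python example that is not part of the original post. It reads a PIX command transcript like the ones shown and flags the points the post warns about: a missing domain-name, an RSA key that is small or was never saved with ca save all, an ssh access line open to any source address, and the tutorial's example password left in place. The two sample transcripts inside it are constructed for this example; the hostnames, addresses and password values are placeholders, not from a real device.

```python
"""Audit the SSH-related commands of a PIX 6.x configuration transcript.

Added example (not from the original post).  Input is the text an
administrator typed at the (config)# prompt, or the same lines as they
appear in the running configuration.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "info"
    message: str


# Constructed sample transcripts (placeholders, not a real device).
# WEAK_CONFIG mirrors the "ssh 0.0.0.0 0.0.0.0 outside" form from the post;
# HARDENED_CONFIG restricts SSH to one management host and saves the key.
WEAK_CONFIG = """
hostname goss-d3-pix515b
domain-name rtp.cisco.com
ca generate rsa key 512
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 60
passwd cisco
wr mem
"""

HARDENED_CONFIG = """
TestDomain(config)# hostname TestDomain
TestDomain(config)# domain-name testdomain.com
TestDomain(config)# ca generate rsa key 2048
TestDomain(config)# ca save all
TestDomain(config)# ssh 211.99.223.50 255.255.255.255 outside
TestDomain(config)# ssh timeout 5
TestDomain(config)# passwd S0me-L0ng-Mgmt-Passw0rd
TestDomain(config)# wr mem
"""

SSH_ACL = re.compile(r"^ssh\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)$", re.I)
RSA_GEN = re.compile(r"^ca\s+gen(?:erate)?\s+rsa\s+key\s+(\d+)$", re.I)
TIMEOUT = re.compile(r"^ssh\s+timeout\s+(\d+)$", re.I)
PASSWD = re.compile(r"^passw(?:or)?d\s+(\S+)$", re.I)


def _commands(transcript: str) -> List[str]:
    """Return non-empty command lines with any '(config)#' prompt removed."""
    out = []
    for raw in transcript.splitlines():
        line = re.sub(r"^.*\(config\)\s*#\s*", "", raw.strip(), flags=re.I)
        if line:
            out.append(line)
    return out


def audit_pix_ssh(transcript: str) -> List[Finding]:
    """Check the transcript against the points made in the post."""
    lines = _commands(transcript)
    findings: List[Finding] = []

    def has(prefix: str) -> bool:
        return any(l.lower().startswith(prefix) for l in lines)

    # The RSA key cannot be generated without a domain name.
    if not has("domain-name "):
        findings.append(Finding("high", "no domain-name set; the PIX cannot generate an RSA key"))

    # Key generation and key size.
    key_bits = None
    for l in lines:
        m = RSA_GEN.match(l)
        if m:
            key_bits = int(m.group(1))
    if key_bits is None:
        findings.append(Finding("high", "no 'ca generate rsa key' command; SSH has no host key"))
    elif key_bits < 1024:
        findings.append(Finding("medium", f"RSA key is only {key_bits} bits; use at least 1024"))

    # 'wr mem' does not keep the key; only 'ca save all' does.
    if key_bits is not None and not has("ca save all"):
        findings.append(Finding("high", "RSA key not saved with 'ca save all'; it is lost on reload"))

    # Source address range permitted to use SSH, derived from the netmask.
    acl = [m for m in (SSH_ACL.match(l) for l in lines) if m]
    if not acl:
        findings.append(Finding("high", "no 'ssh <host> <mask> <interface>' line; no client is permitted"))
    for m in acl:
        host, mask, iface = m.groups()
        prefix = ipaddress.IPv4Network(f"0.0.0.0/{mask}").prefixlen
        if prefix == 0:
            findings.append(Finding("high", f"ssh access on '{iface}' is open to any source address"))
        elif prefix < 24:
            findings.append(Finding("medium", f"ssh access on '{iface}' allows {host} {mask} (/{prefix}); narrow it"))
        else:
            findings.append(Finding("info", f"ssh access on '{iface}' limited to {host}/{prefix}"))

    # The timeout unit (minutes or seconds) depends on the PIX version.
    for l in lines:
        m = TIMEOUT.match(l)
        if m:
            findings.append(Finding("info", f"ssh timeout {m.group(1)}: unit depends on PIX version; confirm it"))

    # The tutorial's example password must not survive into production.
    for l in lines:
        m = PASSWD.match(l)
        if m and m.group(1).lower() == "cisco":
            findings.append(Finding("medium", "login password is the tutorial's example value; set a unique one"))

    return findings


def worst_severity(findings: List[Finding]) -> str:
    """Return the most serious severity present ('info' when nothing is wrong)."""
    order = {"high": 2, "medium": 1, "info": 0}
    return max((f.severity for f in findings), key=order.get, default="info")


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"== {name}: worst = {worst_severity(audit_pix_ssh(cfg))}")
        for f in audit_pix_ssh(cfg):
            print(f"  [{f.severity}] {f.message}")
```

Running the script prints the findings for both sample transcripts; the weak one is rated high because the ssh line admits any source address and the key was never saved, while the hardened one yields only informational lines. The mask-to-prefix conversion is what makes the "do not open the range too wide" advice mechanical: a /32 names one management host, a /0 names the whole Internet.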